Privacy policy

Steirische Tourismus und Standortmarketing GmbH- STG
St.-Peter-Hauptstrasse 243
A-8042 Graz

Data Protection Officer :
derSchenner Consulting GmbH & Co KG
Bürgergasse 40, 8200 Gleisdorf
dsba@derSchenner.at 

By visiting this website you are giving us consent to collect certain data. In return, we are committed to protecting  your data in line with the latest technology.

Your details are not passed on to third parties for advertising  purposes. Third parties only receive your personal data as stated within these listed regulations.

The following data processing operations are carried out by us

3.1 Contact via e-mail or telephone

If you send us an email or call us, the personal data you provide will be processed to answer and process your request or order. Your data will either be processed further in accordance with the following processing procedures or (if no offer or order is derived from this) deleted after 2 years.

The legal basis for the processing of personal data for answering or processing your request is Art. 6 para. 1 lit. b GDPR.

3.2 Preparation of offers

If we submit an offer to you, the personal data processed for this purpose, as well as your contact details, will be processed and stored on our systems. The storage period is 10 years.

The legal basis for processing for the period until our offer is rejected is Art. 6(1)b GDPR.
The legal basis for processing beyond this until the deletion period is Art. 6(1)f GDPR.

3.3 Order processing, communication, order documentation

Your data (name, address, telephone number, email address, or other data provided by you) will be processed for the purpose of order fulfillment. The documentation of the order and the invoicing (incl. delivery bills) are stored for a period of 10 years.

The legal basis for the processing of personal data for the fulfillment of the contract is Art. 6 para. 1 lit b GDPR or Art. 6 para. 1 lit c GDPR regarding storage duration (according to BAO).

3.4 Accommodation brokerage

If you send us an accommodation inquiry, the personal data you provide will be processed in order to respond to and process your inquiry or order (see points 17 & 18). Your data will also be forwarded to the relevant accommodation provider(s) and deleted after 2 years.

The legal basis for the processing of personal data for the provision of accommodation is Art. 6 para. 1 lit. b GDPR.

3.5 Documentation for funding providers

Personal data (name, institution, photo and film recordings) of project partners and project participants are processed for the purpose of funding documentation and as proof of activity vis-à-vis our funding provider. This data will not be published without your consent, but will only be made available to the funding body on request. The lawfulness is based on Art. 6 para. 1 lit. b or lit. f GDPR. After settlement of the grant or after expiry of the retention obligation, this data will be deleted by us.

3.6 Image recordings at events

We take photos and video recordings at the event. The photos are published on the website and in social media channels as well as in print media, in particular brochures or folders, to present our activities (see point 21). At corresponding events, information about this will be provided in designated signs.

The legal basis is legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR and §§ 12, 13 DSG. 
You can request the restriction of processing or deletion of an image recording concerning you at any time.

3.7 Participation in competitions

The condition for participation in competitions organized by us is registration for our newsletter. You can unsubscribe from our newsletter at any time. Your personal data (name, address, email address, social media profile data and any comments made on the competition) will be processed to check your eligibility to participate, to run the competition and to notify the winners, and will be stored for the purpose of subscribing to our newsletter (see Newsletter information). The legal basis for the processing is Art. 6(1)b GDPR.

3.8 Newsletter (see point 24)

You have the option of subscribing to our newsletter via our website. To do this, we need your e-mail address and your declaration that you agree to receive the newsletter. In order to provide you with targeted information or to be able to write to you in a personalized manner, we also collect and process your name and voluntary information on areas of interest (or your birthday). As soon as you have registered for the newsletter, we will send you a confirmation e-mail with a link to confirm your registration. You can cancel your subscription to the newsletter at any time by using the unsubscribe option provided at the bottom of every newsletter sent. We will then immediately delete your data in connection with the newsletter dispatch. The legal basis for the processing is Art. 6(1)a GDPR.

3.9 General storage period 

If we have a contractual relationship with you, the data collected by us will remain stored in compliance with our technical and organizational security measures. Should the contractual relationship with you be terminated, we undertake to minimize data, whereby our statutory retention and documentation obligations as well as the statutory limitation periods, which can be up to 30 years in certain cases according to the General Civil Code, for example, must be observed during the storage period. The legal basis for the processing of personal data for the duration of storage is Art. 6 para. 1 lit. b, c, f GDPR or, in the case of consent, Art. 6 para. 1 lit. a GDPR.

3.10 Categories of recipients 

We transfer data to the following categories of recipients, some of which correspond to the definition of processors pursuant to Art. 28 para. 1 GDPR (with corresponding contracts pursuant to Art. 28 para. 3 GDPR)

Payroll accounting, bookkeeping, tax consultancy; IT and system administration; email, web and ICT providers; lawyers or debt collection service; insurance companies (liability - claims settlement) or all the recipient groups listed and named above in the data protection declaration.

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The following data is collected: the browser type and version used, the user's operating system, the user's Internet service provider, the host name of the accessing computer, the date and time of access, websites from which the user's system accesses our website, and websites that are accessed by the user's system via our website.

The data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context. This data is not merged with other data sources.

The data is stored for a period of 3 months and then automatically deleted.

The legal basis for the processing of the IP address is Art. 6 para. 1 lit. b GDPR. The storage of the data for the above-mentioned period is subject to Art. 6 para. 1 lit. f GDPR.

Cookies are used to make steiermark.com more user-friendly and to customise its content for visitors. None of the cookies used on this site collect information through which you could personally be identified. Almost all websites use cookie technologies and they are essential for the use of steiermark.com.

Cookies are small text files, which enable visitors to be recognised and their website use to be analysed. Many cookies are extremely useful, as they  improve the user experience when revisiting a website. By using the same device and browser as in previous sessions, the cookies can, for example, remember your preferences and use of the site, making the displayed content more relevant to your personal interests and requirements. We only use cookies that are essential to the running of steiermark.com and its optional tools (e.g. holiday enquiry, brochure request). In addition, cookies are used to save settings selected on a previous visit (e.g. language, interests). In all other instances, cookies are only used to save personal data after you have given consent.

To avoid the use of cookies in general, set your browser to only allows these to be placed after your active consent. The way you manage and delete cookies depends on which browser you are using. Use the integrated help function in your brower or visit http://www.aboutcookies.org for step-by-step guides to the most common browsers.

We do, however, advise that without the placement of cookies parts of our website can only partially or not be used at all.

By accepting our cookies and plugins you are allowing the following:

We use the bookmarking service addthis.com on our website. AddThis is operated by Oracle America, Inc., 500 Oracle Parkway, Redwood City, CA 94065, USA. AddThis plugins use cookies that allow you to bookmark or share website content. By activating the plugin, a minimum of the following data will be transmitted to Oracle America, Inc.: IP address, address the AddThis function was activated from, and the service and content that was accessed. Find further information on the purpose and extent of data collection and processing by Oracle America, Inc. at www.addthis.com/privacy.  By using the AddThis field, you are accepting data collection by Oracle America, Inc. Cookies that gather and control user-based online  advertising can be deactivated at www.youronlinechoices.com. We do not process this data.

You can find the AddThis data protection regulations at http://www.addthis.com/privacy/privacy-policy.

We offer you the opportunity to sign in to our services via Facebook Connect. An additional registration on steiermark.com is thus not possible. To sign in, you are redirected to Facebook, where you can use your existing credentials, connecting your Facebook profile with our services. Through this connection we automatically receive the following information from your public profile with Facebook Inc.:

• Full name
• Profile picture
• Age
• Gender
• List of friends

Of this, we use your name and gender, e-mail address, date of birth, profile picture and list of friends to identify you.

Find further information on Facebook Connect and its privacy settings in the Facebook Inc privacy notice https://de-de.facebook.com/about/privacy/ and  terms of use https://www.facebook.com/legal/terms.

Available Application Programming Interfaces (APIs) are used for our Facebook page, which may contain information from your public Facebook profile, including first name and surname, gender, country, place of residence and a link to your profile and picture. All posts, including likes and content that you display on your own Facebook page or add to others, can be collected, exported and used by Steirische Tourismus und Standortmarketing GmbH- STG or one of its subcontractors for business purposes. You can request that your details are deleted by sending an e-mail to info@steiermark.com or a letter to Steirische Tourismus und Standortmarketing GmbH- STG, St.-Peter-Hauptstrasse 243, A-8042 Graz

With your consent, we use the Facebook Pixel on our website, provided by Meta Platforms, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). This service allows us to track users as they interact with our site after having clicked on a Facebook ad. Through this we can evaluate the effectiveness of Facebook ads and optimise future advertising measures. The collected data is anonymous to us and does not give any indication of the user’s identity. The details are, however, saved and processed by Facebook, meaning that there is a connection to the user profile. Facebook can use the details for advertising purposes, in line with its data policy (facebook.com/about/privacy). The collected data enables Facebook and its partners to place ads on and outside of Facebook, and cookies can be saved on your device for this purpose.

You can reject the Facebook Pixel data capture and it being used to display Facebook advertisements within the Facebook ad settings:  https://www.facebook.com/settings?tab=ads  Alternatively, you can object via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com. Settings are not platform-dependent, so will cover all devices such as desktop computers and mobile phones.

This website uses Custom Audiences, a web analysis service by Facebook Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Irland ("Facebook"). Facebook Custom Audiences uses so-called tracking tools (e.g. pixel, SDKs and APIs), which are implemented on steiermark.com. These tools send details of user activity on steiermark.com ("event data") to a Meta Platforms, Inc. Server in the USA, where they are saved and used to create Custom Audiences of people who have visited our site ("Custom Audiences of steiermark.com").

Facebook does the following to enable this specific targeting and optimisation: The event data captured on steiermark.com is combined with that collected by other advertisers or means on Facebook to optimise ads. Facebook does not allow other advertisers or third parties to target a specific audience based on event data collected on steiermark.com alone.

By accepting the use of cookies when visiting steiermark.com you are agreeing to the following:

1. Third parties, including Facebook, are allowed to use cookies, web beacons and further storage technologies to collect and receive information from steiermark.com and other websites, required to measure and target ads.
2. Visitors of steiermark.com can reject the capturing and use of their details for targeting purposes.
3. There are platforms that inform users of their options in line with this (e.g. www.aboutads.info/choices or http://www.youronlinechoices.eu/)

If you have given your consent, Google Analytics is used on this website. Google Analytics is a web analytics service provided by Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google processes the website usage data on our behalf and is contractually obliged to take measures to ensure the confidentiality of the processed data.

We use Google Analytics to analyze website usage, e.g. in the form of anonymized evaluations and graphics on page views and visits, as well as for remarketing, reports on impressions in the Google Display Network, integration of DoubleClick Campaign Manager and Google Analytics reports on performance according to demographic characteristics and interests. The data obtained from this is used to optimize the website and advertising measures and to compile reports on website activities. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns. You can find more information about Google Analytics on the Internet or at www.google.com/analytics. You can find more information on terms of use and data protection at https://policies.google.com/?hl=de.

The following data is recorded during your visit to the website:

• The pages you access, your "click path"
• Your behavior on the pages (e.g. clicks, scrolling behavior and length of stay)
• Your approximate location (country and city)
• Your IP address (in abbreviated form, so that no clear assignment is possible)
• Technical information such as browser, internet provider, end device and screen resolution
• Source of origin of your visit (i.e. via which website or advertising medium you came to us)
• the referrer URL (via which website/advertising medium you came to this website)

This data is transferred to a Google server in the EU and stored there

Recipient
The recipient of the data is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) as the processor. We have concluded a data processing agreement with Google for this purpose. Google LLC, based in California, USA, and, if applicable, US authorities can access the data stored by Google.

Transmission to third countries
A transfer of data to the USA cannot be ruled out.

Storage duration
Google Analytics stores cookies in your web browser for a period of 14 months since your last visit. These cookies contain a randomly generated user ID with which you can be recognized on future visits to the website.

The recorded data is stored together with the randomly generated user ID, which makes it possible to analyze pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.

Legal basis and revocation option
for this data processing is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there.

We use Google Tag Manager on our website, a system provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Tag Manager allows us to manage website tags from one interface. It does not use cookies or collect  personal data. Google Tag Manager releases other tags, which may collect data that Google Tag Manager does not access. If a deactivation has been undertaken on domain or cookie level, this will stay in place for all tracking tags implemented by Google Tag Manager.

Google is certified within the EU-US Privacy Shield, and thus complies with the standards and regulations of the European data protection law. You will find further information here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Third-party provider details: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. For more information on data protection, visit the Google websites:

• Privacy statements: https://policies.google.com/privacy?hl=en&gl=en
• FAQ Google Tag Manager: https://support.google.com/tagmanager/?hl=en
• Terms of use Google Tag Manager: https://www.google.com/analytics/tag-manager/use-policy/

Google uses the DoubleClick cookie on websites within its advertising network and services to support AdWords clients and publishers when posting and managing ads. If you visit a website and display or click on an ad from the Google advertising network, a DoubleClick cookie may be stored in your browser. The DoubleClick cookie identifier assigned to your browser is the same as that used on websites featuring DoubleClick ads. If your browser already has a DoubleClick cookie it should not store another one. Find further information on the use of DoubleClick cookies in association with DoubleClick ads in the DoubleClick data protection FAQs. Our website also uses Google Analytics remarketing for online advertising. This entails the use of cookies by third parties, including Google. The combined use of initial supplier (e.g. Google Analytics cookies) and third-party supplier cookies (e.g. DoubleClick cookies) based on previous website visits enables the optimisation and evaluation of the ads you see. Remarketing anonymously collects and stores information on your browsing habits for marketing purposes (targeting / retargeting). Cookies store these details on your computer, enabling an algorithm to display targeted product recommendations and advertising banners when you visit other websites (so-called publishers). This data cannot be used to identify you as a user on other websites. Its sole purpose is to improve the content you see.

Share buttons for the social networks of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, YouTube by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, Instagram by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA and GooglePlus by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States are embedded on our website. We have also integrated a share button for the Steiermark Blog. The individual share buttons can be recognised by their logo.

All share buttons are installed in line with data protection laws. Only once you have clicked on the share button on our site is a direct connection established between your browser and the respective social network. According to the social network operators, no personal or business-related data is captured without clicking on the share button. It is only when users are logged in to their social network account that such data, including their IP address, is collected and processed. Should you not wish for a connection to be established between your visit to our website and a specific social network, please log out of its account.

We incorporate posts and photos from Instagram channels in the Steiermark Blog. Your browser exchanges data with the network that these are downloaded from. When loading an image or layout information, for example, your browser transmits your IP address to the social network Instagram. Instagram also sends information to the browser, which is saved e.g. in cookies.

As website operators, the content of the data transmitted to and from social networks and its use is not known to us. You can find further information on the use of data in the respective social network’s privacy statements.

With each use of our website, i.e. whenever a file is accessed or attempted to be accessed from its server, details of the process are saved in a log file. This data is not related to an individual, so we cannot see which user accessed the file, and we do not attempt to.

Records that are saved:

• Name of the file that was accessed
• Date and time of access
• Transferred data volume
• Notification of whether the access was a success
• Notification of why an error might have occurred
• Name of the internet provider used to access the website
• Where applicable, the operating system and browser software of your computer, and the website
• from which you visited us

The above data is used for statistical purposes only by ourselves and those appointed by us. We use this data to improve our website for you.

Disclosure of campaign data to Steiermark Tourismus partners

In line with marketing campaigns, anonymised data is collected for remarketing purposes on the individual campaign landing pages and passed on to campaign partners. This is used to target ads for visitors of our own and our campaign partnersʼ websites.

If you send us inquiries by e-mail to info@steiermark.com or via the contact form, your details from the e-mail or from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions and, if necessary, transmitted to the contact partners for further processing of the inquiry. Your data will be deleted after 2 years once the inquiry has been processed.

We require certain information to despatch catologues and brochures ordered via our website. These details are solely used to send the requested material, and are not passed on to third parties unless they are involved in delivery. Once the request has been processed, your details are deleted.

The personal data provided by you in the course of an accommodation inquiry / vacation inquiry will be forwarded to the accommodation providers for the purpose of arranging accommodation.

In the course of this data processing, we forward the personal data collected to the following third parties (processors)

• Feratel Media Technologies AG, Maria-Theresien-Straße 8, 6020 Innsbruck, Austria
• elements.at New Media Solutions GmbH, Gusswerk Halle 6, Söllheimerstraße 16, 5020 Salzburg, Austria

Data processing is required in accordance with Art. 6 para. 1 lit. b) GDPR for the fulfillment of the contract or for the implementation of pre-contractual measures.

When you make a room booking via www.steiermark.com, we collect the data from you that is necessary to make the reservation, in particular your name, your telephone number, your e-mail address ("contact data") as well as the date of your arrival and departure, your hotel and the type of room you have booked ("booking data").

If you make a booking via www.steiermark.com, your booking data will be forwarded to the accommodation provider you have selected in order to facilitate your reservation. Due to legal regulations and corresponding court or official orders, we are obliged in exceptional cases to disclose data to the ordering authorities or courts. This will then only take place within the scope of our legal obligations.

In the course of this data processing, we forward the personal data collected to the following third parties (processors)

• Feratel Media Technologies AG, Maria-Theresien-Straße 8, 6020 Innsbruck, Austria
• Datatrans AG, Kreuzbühlstrasse 26, 8008 Zurich, Switzerland
• elements.at New Media Solutions GmbH, Gusswerk Halle 6, Söllheimerstraße 16, 5020 Salzburg, Austria

You can pay by credit card on our website. Payment data is transmitted to the payment service provider in order to process the payment. The payment service provider collects information about the transaction, as well as other information related to the transaction, such as information about goods/services, financial information, information about the interaction between you and the payment service provider, merchant information, including information about payment instruments, device-related information and location data. The payment service provider uses the data for payment processing, credit checks and to monitor and improve its services, among other things.

In the course of this data processing, we forward the personal data collected to the following third parties (processors)

• Feratel Media Technologies AG, Maria-Theresien-Straße 8, 6020 Innsbruck, Austria
• Datatrans AG, Kreuzbühlstrasse 26, 8008 Zurich, Switzerland
• elements.at New Media Solutions GmbH, Gusswerk Halle 6, Söllheimerstraße 16, 5020 Salzburg, Austria

Data processing is required pursuant to Art. 6 para. 1 lit. b) GDPR for the performance of a contract or in order to take steps prior to entering into a contract

Personal and business-related data (e-mail, name, address) is disclosed on a voluntary basis to access  the tools on our website (e.g. brochure request, vouchers or newsletters). If you send us an e-mail, your e-mail address and further details are only used for the correspondence with yourself.

Where technically possible and acceptable, you can use and pay for services offered by ourselves without disclosing personal data or by using anonymised data or a pseudonym.

We capture images (photos / videos) of our events, in particular press conferences and events with a speech or appearance by those working with or for us.

Guests are advised in invitations and at the event that pictures will be taken. Provided that the "media privilege" is not applicable, the photographer is instructed to ask for consent from small groups. Pictures of large groups at events are used to raise awareness of our organisation and image. We publish these online and, where appropriate, in printed material about our organisation (legitimate interest).

If you are captured as an individual or in a small group, the photographer will ask for your consent before a picture is taken. Should you not wish to be in the photo,  you will have the opportunity to step aside. Provided that the "media privilege" is not applicable, you have the right to decline your consent for all future images.

In the event of revocation, the images will be deleted where technically possibly and an attempt to remove them from any further media will be made. Print brochures will not be withdrawn, but the images will no longer be processed for this purpose. Should costs arise in line with the revocation (website amendments, disposal of printed material) without legitimate interest, then these must be beared by the individual.

There is a right to appeal where there is legitimate interest, although it must be taken into account that an invitation was accepted to an event in a public space, and that the promotion of this event was in the interest of our organisation.

The images will be removed from our website after their copyright has expired or upon withdrawal of consent. Should they have been published in social networks, they will only be deleted upon withdrawal of consent.

https://www.facebook.com/Steiermark.Tourismus/

https://www.facebook.com/Steiermark.Urlaub/ 

Below you will find information about what personal data we collect when you use our fan pages and the services and functions they contain, and how we use this data and for what purposes.

If you contact us, e.g. to ask us questions about the events advertised on the fan page, we will use your name and possibly your e-mail address as well as the other data you provide us with in order to process and answer your questions.

This processing is carried out on the basis of legal regulations that allow us to process personal data insofar as it is necessary to answer your inquiries (e.g. Art. 6 para. 1 b) GDPR) or because we have an overriding legitimate interest in complying with your requests for information (Art. 6 para. 1 f) GDPR).

Once we have responded to one of your inquiries, we will delete your inquiry and information on its processing three years after the end of the respective calendar year.

We offer various community functions on our fan pages with which you can interact with other users, for example by posting articles on our wall, leaving comments or liking or sharing articles.

We would like to point out that these areas are publicly accessible and that any personal information you enter or provide when registering can be viewed by others. We cannot control how other users of our fan pages use this information. In particular, we cannot prevent unsolicited messages from being sent to you.

We collect all data entered in the context of the community functions in order to be able to make the community functions available to you as intended. Without this data, we will not be able to provide you with the corresponding community functions. This data is processed on the basis of legal regulations that allow us to process personal data insofar as it is necessary for the use of a service or the fulfillment of a contract (Art. 6 para. 1 b) GDPR), or because we have an overriding legitimate interest in making the use of the offer as easy and efficient as possible (Art. 6 para. 1 f) GDPR).

Content posted in community areas can be stored indefinitely. If at any time you wish to have content removed, please send us an email to the address given above.

We constantly receive private messages from users with content that directly addresses us. In addition, content and posts that are directly addressed to us or concern us are regularly published on our fan page and in other public areas of Facebook.

We collect this content, which is sent to us or published on our fan page and other public areas of Facebook, so that we can respond accordingly. Depending on the type of content, we may respond to it accordingly, e.g. by contacting the author to help them use our services or by incorporating reviews into improving our services. We will also improve our public relations based on the published content. This data is processed on the basis of legal regulations that allow us to process personal data because we have an overriding legitimate interest in responding appropriately to public communication relating to us (Art. 6 Para. 1 f) GDPR) .

The content sent to us in a private message or posted on our fan pages or other public areas of Facebook can be stored indefinitely. If at any time you would like any posted content to be deleted, please send us an email to the address provided above.

Events for which you may need to register are announced on our fan page. If you register for an event, we process the personal data you provided when registering, such as name and address, as well as contact and communication data such as telephone number and email address and, if necessary, the other information you provided in order to carry out the event event (e.g. to create the guest list, accreditation and admission control, room and personnel planning as well as catering planning) as well as to send you your invitation and notifications about the respective event; We may also use this information for abuse detection and legal defense.

The data is processed on the basis of legal regulations that permit data processing because it is necessary to carry out the registration process and your participation in the respective event (Art. 6 Para. 1 lit. b GDPR) or because we have a legitimate interest to prevent fraud and, if necessary, to provide effective legal defense (Art. 6 Para. 1 f) GDPR).

At events for which you have registered, photos and video recordings may be taken (if necessary by a photographer commissioned by us) in which you may also be depicted.

If you are the central subject of a photograph, the photographer will ask you whether you agree to this before the photograph is taken. In such a case, you grant us the right to reproduce, distribute or make publicly accessible this recording and, if applicable, your contribution and, in particular, to use it for advertising purposes.

We use these recordings to publish impressions of the respective event for the purpose of visualized reporting and for advertising purposes on the fan pages and websites of Steirische Tourismus GmbH.

The data is processed on the basis of legal regulations that permit data processing because we have a legitimate interest in enabling visualized reporting on our event without this conflicting with the overriding interest of the participants (Art. 6 Para. 1 lit. f GDPR).

Usage analysis / page insights

In joint responsibility with Facebook, we analyze how you use our fan pages (page insights).

You can obtain the information required by the GDPR regarding data processing within the context of page insights from Facebook; currently by name in Facebook's data protection information at https://www.facebook.com/privacy/explanation and https://www.facebook.com/legal/terms/information_about_page_insights_data.

Facebook also provides you with the relevant content of the contract concluded between Facebook and Sterisch Tourismus GmbH regarding processing under joint responsibility in accordance with Art. 26 GDPR; currently at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

As part of the page insights, we only receive anonymized statistics - we have no access to personal data processed by Facebook.

23.1 The right to confirmation

As data subject, you have the right to demand confirmation that your personal data is being processed by ourselves. You can contact us in line with this at any time at info@steiermark.com.

23.2 The right to be informed

As data subject, you have the  right to obtain free information on the personal data we hold of you and a copy of this. You can contact us in line with this at any time at info@steiermark.com.

Your right to be informed entails the following:

• Intended purpose
• The personal data categories that are processed
• The recipients or recipient categories that personal data has or will be disclosed to
• Where possible, the planned duration your personal data will be stored for, or the criteria that determines this
• Your right to have personal data corrected or erased, limited to use by ourselves or not be processed at all
• Your right to file a complaint with the Austrian data protection authorities as regluatory body and, if they do not hold this, your right to all available information on where the data was obtained

We use software providers and agencies to help run our website, who may gain access to personal data in line with their work. They have committed themselves to upholding our data protection regulations. You can request further information on our service providers from info@steiermak.com.

As data subject, you also have the right to know whether your personal data has been passed on to a third country or international organisation. Should this be the case, you have the right to find out whether the transmitted information is being stored / processed in a legitimate manner.

23.3 The right to rectification

As data subject, you have the right ask to us to amend any incorrect personal data. You can contact us in line with this at any time at info@steiermark.com.

23.4 The right to erase (be forgotten)

As data subject, you have the right to ask us to to delete your personal data with immediate effect where the following applies and a further processing is not required:

Your personal data is no longer necessary in relation to the purpose for which it was collected / processed.

As data subject, you object to the processing in line with GDPR Article 6, paragraph 1, letter a or  GDPR Article 9, paragraph 2, letter a, and there are no overriding legitimate grounds for the processing.

As data subject, you object to the processing in line with GDPR Article 21, paragraph 1 and there are no overriding legitimate grounds for the processing, or you object to the processing in line with GDPR Article 21, paragraph 2.

Your personal data was unlawfully processed.

Your personal data must be deleted in line with Austrian or European Union law.

Should one of the above apply and you wish to have your personal data held by the Steirische Tourismus und Standortmarketing GmbH- STG deleted, contact us at any time at info@steiermark.com.

23.5 The right to restrict processing

As data subject, you have the right to restrict the processing of data held by us where:

You have contested the accuracy of personal data held on yourself and given us adequate time to review this.

Processing is unlawful and you have declined the erasure of your personal data, but wish to restrict its processing.

We no longer need the data, but you require it to establish, exercise or defend a legal claim.

You have objected to the processing in line with GDPR Article 21, paragraph 1 and it is not yet clear whether there is a legitimate ground to override this.

Should one of the above apply and you wish to have the processing of your personal data held by the Steirische Tourismus und Standortmarketing GmbH- STG restricted, contact us at any time at info@steiermark.com.

23.6 The right to data portability

As data subject, you have the right to receive the personal data that has been provided to us in a structured, commonly used and machine-readable format. You also have the right to share this data without hindrance if its processing is in line with GDPR Article 6, paragraph 1, letter a or GDPR Article 9, paragraph 2, letter a or another contract in line with GDPR Article 6, paragraph 1, letter b. Processing must be carried out by automated means and the data must not be required for the performance of a task carried out in the public interest or in the exercise of official authority.

Furthermore, as data subject in line with the right to data portability of GDPR Article 20, paragraph 1, you have the right to request that we transmit your personal data directly to another controller where technically possible and the rights and freedoms of others are not impaired.

To make use of the right to data portability, contact us at any time at info@steiermark.com.

23.7 The right to object

As data subject, you have the right to object to the processing of your personal data in line with GDPR Article 6, paragraph 1, letter e or f  in certain circumstances. You can contact us in regards to this at any time at info@steiermark.com.

You have an absolute right to stop your data being used for direct marketing purposes at any time.

23.8 Right to notification (Article 19 GDPR)

Obligation to notify in connection with the correction or deletion of personal data or the restriction of processing.

23.9 Right not to be subject to a decision based solely on automated processing, including profiling (Article 22 GDPR).

The registration for our newsletter is done in a double opt-in process. After registration, you will receive an e-mail asking you to confirm your registration. You agree to the analysis of the newsletter by individual measurement, storage and evaluation of opening rates and the click rates in recipient profiles for the purpose of designing future newsletters according to the interests of our readers. The consent can be revoked with effect for the future. The legality of the data processing operations already carried out remains unaffected by the revocation. You can unsubscribe from the newsletter by clicking the unsubscribe link at the end of each newsletter.

After you have unsubscribed from our newsletter, your e-mail address will be stored by us or our external service provider in a blacklist, if necessary, in order to prevent future mailings. The personal data from the blacklist will only be used for this purpose and will not be merged with other personal data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this. We commission a service provider to send our newsletter. This service provider has undertaken to comply with the applicable data protection regulations. You can request more information about the service provider we have commissioned at info@steiermak.com.

25.1 TLS encryption with https

We use https to transmit data securely on the Internet (data protection through technical design Article 25 paragraph 1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission over the Internet, we can ensure the protection of confidential data. You can recognize the use of this data transfer protection by the small lock symbol at the top left of the browser and the use of the https scheme (instead of http) as part of our internet address.

25.2 SSL/TLS encryption of the email contact request

If you use our contact forms, these are also protected by an encrypted connection.